Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

inputs.conf behaviour doesn't corespond with documentation

Christian
Path Finder
‎08-24-2011 05:05 AM

Hello all,

my direcotry structur :

/data/A/logs/aaaaaaa.log
/data/A/logs/aaaaaaa1.log
/data/B/logs/aaaaaaa.log
/data/B/logs/aaaaaaa1.log

my inputs.conf 

[monitor:///data/*/logs]
sourcetype=mysourcetype
index=idx_myindex_dev
disabled=false

A) If I'am putting the Fullpath "for example /data/A/logs/" to the monitor field it works fine

B) If I try it with the inputs.conf above, he lists me only the directorys, but doesn't index any file. In the Splunkd.log he says Parsing configuration stanza: monitor:///data/*/logs. No error, no information.

According to the Documentation :
`The asterisk () matches anything in a single path segment;
unlike "...", it does not recurse. For example,
/foo//bar matches the files /foo/bar, /foo/1/bar, /foo/2/bar,
etc. However, it does not match /foo/1/2/bar.

wich is fine for me, anyway I tried it also with the ... witch would be also fine for me but that doesn't work either.

Q : Any Idea what I'am doing wrong ?

Universalforwarder : 4.2.3

OS : AIX 6.1

Documentation : http://docs.splunk.com/Documentation/Splunk/latest/Admin/inputsconf

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rroberts
Splunk Employee
Splunk Employee
‎08-24-2011 10:29 AM

I think you'll find a very detailed explanation here ... http://splunk-base.splunk.com/answers/2775/regexs-and-windows-paths-in-inputsconf-and-propsconf

View solution in original post

Reply
Solved! Jump to solution
Solution

rroberts
Splunk Employee
Splunk Employee
‎08-24-2011 10:29 AM

I think you'll find a very detailed explanation here ... http://splunk-base.splunk.com/answers/2775/regexs-and-windows-paths-in-inputsconf-and-propsconf

Reply
Solved! Jump to solution

Christian
Path Finder
‎11-10-2011 05:47 AM

thx the refrence articel answers my qustion

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...